Cisco – Blocking BGP routes on specific path


Network diagram:

Site A (.85)----172.24.0.84/30---- (.86)Site B
    |(.66)                              |(.102)
    |                                   |
    |(172.24.0.64/30)                   |(172.24.0.100/30)
    |(.65)                              |(.101)
    -------------- Site C ---------------

Router configs & traceroute result:

site_a:

interface FastEthernet0/0
 ip address 172.24.0.85 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.24.0.65 255.255.255.252
 duplex auto
 speed auto
!
router bgp 900
 no synchronization
 bgp router-id 172.24.0.65
 bgp log-neighbor-changes
 network 172.24.0.64 mask 255.255.255.252
 network 172.24.0.84 mask 255.255.255.252
 timers bgp 1 3
 neighbor 172.24.0.66 remote-as 100
 neighbor 172.24.0.66 soft-reconfiguration inbound
 neighbor 172.24.0.86 remote-as 1200
 neighbor 172.24.0.86 soft-reconfiguration inbound
 neighbor 172.24.0.86 route-map site_b_only in
 no auto-summary
!
ip as-path access-list 1 permit ^[0-9]+_[0-9]+$
!
route-map site_b_only permit 10
 match as-path 1

_____________________________________
site_b:

interface FastEthernet0/0
 ip address 172.24.0.86 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.24.0.102 255.255.255.252
 duplex auto
 speed auto
!
router bgp 1200
 no synchronization
 bgp router-id 172.24.0.86
 bgp log-neighbor-changes
 network 172.24.0.84 mask 255.255.255.252
 network 172.24.0.100 mask 255.255.255.252
 timers bgp 1 3
 neighbor 172.24.0.85 remote-as 900
 neighbor 172.24.0.85 soft-reconfiguration inbound
 neighbor 172.24.0.85 route-map site_a_only in
 neighbor 172.24.0.101 remote-as 100
 neighbor 172.24.0.101 soft-reconfiguration inbound
 no auto-summary
!
ip as-path access-list 1 permit ^900_[0-9]*$
!
route-map site_a_only permit 10
 match as-path 1

__________________________________________
site_c:

interface FastEthernet0/0
 ip address 172.24.0.66 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.24.0.101 255.255.255.252
 duplex auto
 speed auto
!
router bgp 100
 no synchronization
 bgp router-id 192.168.255.2
 bgp log-neighbor-changes
 network 172.24.0.64 mask 255.255.255.252
 network 172.24.0.100 mask 255.255.255.252
 timers bgp 1 3
 neighbor 172.24.0.65 remote-as 900
 neighbor 172.24.0.65 soft-reconfiguration inbound
 neighbor 172.24.0.102 remote-as 1200
 neighbor 172.24.0.102 soft-reconfiguration inbound
 no auto-summary

_________________________________________________________
site_c#show ip bgp  
BGP table version is 4, local router ID is 192.168.255.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  172.24.0.64/30   172.24.0.65              0             0 900 i
*>                  0.0.0.0                  0         32768 i
*  172.24.0.84/30   172.24.0.102             0             0 1200 i
*>                  172.24.0.65              0             0 900 i
*  172.24.0.100/30  172.24.0.102             0             0 1200 i
*>                  0.0.0.0                  0         32768 i
site_c#traceroute 172.24.0.85

Type escape sequence to abort.
Tracing the route to 172.24.0.85

  1 172.24.0.65 28 msec 16 msec 20 msec
site_c#traceroute 172.24.0.86

Type escape sequence to abort.
Tracing the route to 172.24.0.86

  1 172.24.0.65 24 msec 20 msec 24 msec
  2 172.24.0.86 [AS 900] 16 msec 36 msec 24 msec

How could I force traffic not to route between Site A and Site B if traffic is from Site C? I want Site C -> Site A, Site C -> Site B only; but Site A and Site B have to communicate via their p2p link.

If you check the traceroute result from Site C to 172.24.0.86, it is still passing through Site A, which is wrong.

Eventually the deployment will be under Linux running Quagga; this is just a simulation in my lab environment running IOS.

Best Answer

Since you're learning routes through BGP, you need to learn how it picks the preferred path. BGP picks based on the number of ASes it has to pass through. Since that network is learned from both and has the same hop count, both are viable routes and equal, as shown in your routing table.

You need to modify another metric in order to change the path selection. There are a number of options. I'll leave it to you to decide.

Check out http://packetlife.net/media/library/1/BGP.pdf for a cheatsheet that contains path selection information.
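Added example, not part of the original answer or of any Cisco or Quagga code: a reduced model of the BGP decision order applied to the two 172.24.0.84/30 entries in site_c's table, showing where the tie is broken and how changing one attribute moves the best path. It assumes only weight, local preference, AS-path length, origin and neighbor router ID are compared (MED, eBGP/iBGP, IGP metric and oldest-route steps are left out), and the weight value 200 is a constructed sample.

```python
# Added example: reduced BGP best-path comparison, not the full IOS algorithm.
from dataclasses import dataclass, replace
from ipaddress import IPv4Address

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # IGP preferred over EGP over incomplete

@dataclass(frozen=True)
class Path:
    next_hop: str
    as_path: tuple
    router_id: str         # router-id of the neighbor that sent the route
    weight: int = 0        # Cisco-local attribute, higher wins
    local_pref: int = 100  # IOS default when LocPrf is blank, higher wins
    origin: str = "i"

# Each step maps a path to a sort key where the lowest value wins.
STEPS = [
    ("weight", lambda p: -p.weight),
    ("local_pref", lambda p: -p.local_pref),
    ("as_path_length", lambda p: len(p.as_path)),
    ("origin", lambda p: ORIGIN_RANK[p.origin]),
    ("router_id", lambda p: int(IPv4Address(p.router_id))),
]

def best_path(paths):
    """Return (winning path, name of the step that broke the tie)."""
    candidates = list(paths)
    for name, key in STEPS:
        lowest = min(key(p) for p in candidates)
        candidates = [p for p in candidates if key(p) == lowest]
        if len(candidates) == 1:
            return candidates[0], name
    return candidates[0], "unresolved"

# The two entries for 172.24.0.84/30 from site_c's "show ip bgp" output above.
VIA_SITE_B = Path("172.24.0.102", (1200,), router_id="172.24.0.86")
VIA_SITE_A = Path("172.24.0.65", (900,), router_id="172.24.0.65")

# Constructed change: raise weight on the route learned from site_b (AS 1200).
VIA_SITE_B_WEIGHTED = replace(VIA_SITE_B, weight=200)

if __name__ == "__main__":
    for label, table in [("as configured", [VIA_SITE_B, VIA_SITE_A]),
                         ("site_b weighted", [VIA_SITE_B_WEIGHTED, VIA_SITE_A])]:
        winner, step = best_path(table)
        print(f"{label}: next hop {winner.next_hop}, decided by {step}")
```

In this reduced model the unmodified entries tie on every attribute down to router ID, and the winner is the same next hop that the table marks with `>`.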
